[Touch-packages] [Bug 1712039] Re: AppArmor profile misses entry for /var/lib/snapd/desktop/applications/mimeinfo.cache
This bug was fixed in the package apparmor - 2.12-4ubuntu5
---
apparmor (2.12-4ubuntu5) bionic; urgency=medium
[ Didier Roche ]
* debian/patches/ubuntu/communitheme-snap-support.patch:
- support communitheme snap (LP: #1762983)
[ Jamie Strandboge ]
* debian/patches/ubuntu/add-chromium-browser.patch: adjust for newer
chromium (LP: #1101298, LP: #1594589, LP: #1647142)
- add attach_disconnected
- allow reading /proc/vmstat
- don't require owner match for /proc/pid/{stat,status} and task
counterparts
- adjust pci[0-9] to be pci[0-9a-f]
- allow reading all uevents and /sys/devices/virtual/tty/tty0/active
- allow ptracing xdgsettings and lsb-release
- xdgsettings uses head and tr and looks at /usr/share/ubuntu/applications/
- lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
distro-info
- use 'm' on on sandbox
* debian/patches/ubuntu/mimeinfo-snap-support.patch: allow reading
/var/lib/snapd/desktop/applications *.desktop and mimeinfo.cache
(LP: #1712039)
-- Jamie Strandboge Tue, 17 Apr 2018 20:15:16 +
** Changed in: apparmor (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1712039
Title:
AppArmor profile misses entry for
/var/lib/snapd/desktop/applications/mimeinfo.cache
Status in apparmor package in Ubuntu:
Fix Released
Bug description:
The evince AppArmor profile seems to miss an entry for
/var/lib/snapd/desktop/applications/mimeinfo.cache.
If evince is launched, the following gets logged to syslog:
kernel: [81577.596186] audit: type=1400 audit(1503306090.062:2011):
apparmor="DENIED" operation="open" profile="/usr/bin/evince"
name="/var/lib/snapd/desktop/applications/mimeinfo.cache" pid=32268
comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
I don't know if this should be allowed or denied. If you could add the
correct behaviour to the profile, that would be nice; otherwise, every
time evince is launched, a notification pops up (apparmor-notify
installed).
(Workaround:
Add to original profile (/etc/apparmor.d/usr.bin.evince):
#include
Insert into local profile (/etc/apparmor.d/local/usr.bin.evince):
/var/lib/snapd/desktop/applications/mimeinfo.cache r,
)
Release: Ubuntu 16.04.3 LTS
Package Version: evince-common 3.18.2-1ubuntu4.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1712039/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1712039] Re: AppArmor profile misses entry for /var/lib/snapd/desktop/applications/mimeinfo.cache
** Changed in: apparmor (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1712039 Title: AppArmor profile misses entry for /var/lib/snapd/desktop/applications/mimeinfo.cache Status in apparmor package in Ubuntu: Fix Committed Bug description: The evince AppArmor profile seems to miss an entry for /var/lib/snapd/desktop/applications/mimeinfo.cache. If evince is launched, the following gets logged to syslog: kernel: [81577.596186] audit: type=1400 audit(1503306090.062:2011): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/var/lib/snapd/desktop/applications/mimeinfo.cache" pid=32268 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 I don't know if this should be allowed or denied. If you could add the correct behaviour to the profile, that would be nice; otherwise, every time evince is launched, a notification pops up (apparmor-notify installed). (Workaround: Add to original profile (/etc/apparmor.d/usr.bin.evince): #include Insert into local profile (/etc/apparmor.d/local/usr.bin.evince): /var/lib/snapd/desktop/applications/mimeinfo.cache r, ) Release: Ubuntu 16.04.3 LTS Package Version: evince-common 3.18.2-1ubuntu4.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1712039/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1712039] Re: AppArmor profile misses entry for /var/lib/snapd/desktop/applications/mimeinfo.cache
** Changed in: apparmor (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1712039 Title: AppArmor profile misses entry for /var/lib/snapd/desktop/applications/mimeinfo.cache Status in apparmor package in Ubuntu: In Progress Bug description: The evince AppArmor profile seems to miss an entry for /var/lib/snapd/desktop/applications/mimeinfo.cache. If evince is launched, the following gets logged to syslog: kernel: [81577.596186] audit: type=1400 audit(1503306090.062:2011): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/var/lib/snapd/desktop/applications/mimeinfo.cache" pid=32268 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 I don't know if this should be allowed or denied. If you could add the correct behaviour to the profile, that would be nice; otherwise, every time evince is launched, a notification pops up (apparmor-notify installed). (Workaround: Add to original profile (/etc/apparmor.d/usr.bin.evince): #include Insert into local profile (/etc/apparmor.d/local/usr.bin.evince): /var/lib/snapd/desktop/applications/mimeinfo.cache r, ) Release: Ubuntu 16.04.3 LTS Package Version: evince-common 3.18.2-1ubuntu4.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1712039/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1712039] Re: AppArmor profile misses entry for /var/lib/snapd/desktop/applications/mimeinfo.cache
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: apparmor (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1712039 Title: AppArmor profile misses entry for /var/lib/snapd/desktop/applications/mimeinfo.cache Status in apparmor package in Ubuntu: Confirmed Bug description: The evince AppArmor profile seems to miss an entry for /var/lib/snapd/desktop/applications/mimeinfo.cache. If evince is launched, the following gets logged to syslog: kernel: [81577.596186] audit: type=1400 audit(1503306090.062:2011): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/var/lib/snapd/desktop/applications/mimeinfo.cache" pid=32268 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 I don't know if this should be allowed or denied. If you could add the correct behaviour to the profile, that would be nice; otherwise, every time evince is launched, a notification pops up (apparmor-notify installed). (Workaround: Add to original profile (/etc/apparmor.d/usr.bin.evince): #include Insert into local profile (/etc/apparmor.d/local/usr.bin.evince): /var/lib/snapd/desktop/applications/mimeinfo.cache r, ) Release: Ubuntu 16.04.3 LTS Package Version: evince-common 3.18.2-1ubuntu4.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1712039/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1712039] Re: AppArmor profile misses entry for /var/lib/snapd/desktop/applications/mimeinfo.cache
The file itself may be not specific to evince, but the behaviour that evince tries to read it (and AppArmor denies that) is specific to the AppArmor profile file that gets delivered with evince-common (/etc/apparmor.d/usr.bin.evince). That is why i think it affects the package evince or evince-common, to be precise. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1712039 Title: AppArmor profile misses entry for /var/lib/snapd/desktop/applications/mimeinfo.cache Status in apparmor package in Ubuntu: New Bug description: The evince AppArmor profile seems to miss an entry for /var/lib/snapd/desktop/applications/mimeinfo.cache. If evince is launched, the following gets logged to syslog: kernel: [81577.596186] audit: type=1400 audit(1503306090.062:2011): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/var/lib/snapd/desktop/applications/mimeinfo.cache" pid=32268 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 I don't know if this should be allowed or denied. If you could add the correct behaviour to the profile, that would be nice; otherwise, every time evince is launched, a notification pops up (apparmor-notify installed). (Workaround: Add to original profile (/etc/apparmor.d/usr.bin.evince): #include Insert into local profile (/etc/apparmor.d/local/usr.bin.evince): /var/lib/snapd/desktop/applications/mimeinfo.cache r, ) Release: Ubuntu 16.04.3 LTS Package Version: evince-common 3.18.2-1ubuntu4.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1712039/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1712039] Re: AppArmor profile misses entry for /var/lib/snapd/desktop/applications/mimeinfo.cache
The file is not specific to evince, that's probably better placed in a common file from appamor itself right? ** Package changed: evince (Ubuntu) => apparmor (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1712039 Title: AppArmor profile misses entry for /var/lib/snapd/desktop/applications/mimeinfo.cache Status in apparmor package in Ubuntu: New Bug description: The evince AppArmor profile seems to miss an entry for /var/lib/snapd/desktop/applications/mimeinfo.cache. If evince is launched, the following gets logged to syslog: kernel: [81577.596186] audit: type=1400 audit(1503306090.062:2011): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/var/lib/snapd/desktop/applications/mimeinfo.cache" pid=32268 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 I don't know if this should be allowed or denied. If you could add the correct behaviour to the profile, that would be nice; otherwise, every time evince is launched, a notification pops up (apparmor-notify installed). (Workaround: Add to original profile (/etc/apparmor.d/usr.bin.evince): #include Insert into local profile (/etc/apparmor.d/local/usr.bin.evince): /var/lib/snapd/desktop/applications/mimeinfo.cache r, ) Release: Ubuntu 16.04.3 LTS Package Version: evince-common 3.18.2-1ubuntu4.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1712039/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
